func (s *ServiceProviderSettings) Init() (err error) {
if s.hasInit {
return nil
}
s.hasInit = true
if s.SPSignRequest {
s.publicCert, err = util.LoadCertificate(s.PublicCertPath)
if err != nil {
panic(err)
}
s.privateKey, err = util.LoadCertificate(s.PrivateKeyPath)
if err != nil {
panic(err)
}
}
//support for a IDP cert or a PEM encoded public key
if s.IDPPublicCertPath != "" {
s.iDPPublicCert, err = util.LoadCertificate(s.IDPPublicCertPath)
if err != nil {
panic(err)
}
}
return nil
}
func TestResponseSignatureVerificationWithPubKeyPem(t *testing.T) {
assert := assert.New(t)
cert, err := util.LoadCertificate("./default.crt")
assert.NoError(err)
// Construct an AuthnRequest
response := NewSignedResponse()
response.Signature.KeyInfo.X509Data.X509Certificate.Cert = cert
b, err := xml.MarshalIndent(response, "", " ")
assert.NoError(err)
xmlResponse := string(b)
signedXml, err := SignResponse(xmlResponse, "./default.key")
assert.NoError(err)
assert.NotEmpty(signedXml)
sp := ServiceProviderSettings{
IDPPublicCertPath: "./pubkey.pem",
XmlSecVerifyFlag: "--pubkey-pem",
}
err = VerifyResponseSignatureWithSettings(signedXml, &sp)
assert.NoError(err)
}
func TestResponse(t *testing.T) {
assert := assert.New(t)
cert, err := util.LoadCertificate("./default.crt")
assert.NoError(err)
// Construct an AuthnRequest
response := NewSignedResponse()
response.Signature.KeyInfo.X509Data.X509Certificate.Cert = cert
b, err := xml.MarshalIndent(response, "", " ")
assert.NoError(err)
xmlResponse := string(b)
signedXml, err := SignResponse(xmlResponse, "./default.key")
assert.NoError(err)
assert.NotEmpty(signedXml)
err = VerifyRequestSignature(signedXml, "./default.crt")
assert.NoError(err)
}
